Security schemes for Players
Chipp Walters
chipp at chipp.com
Sat Oct 2 01:27:54 EDT 2004
Hi Alejandro.
I have a player which downloads stacks from a web page. Here's how I do it:
I password protect my stacks
I create a custom control (btn,fld,img,etc..) and set the script to a
secret word only I know.
When I try and launch one of my stacks I do the following:
1. lock messages (preOpenCard handler won't run)
2. check for the existence of the control
3. get the script of the control and compare it to the string I know
4. if all is OK, then I open the stack and unlock messages.
Don't put the password in a custom prop as it isn't encoded when the
stack is password protected. You could also do something fancy with a
checksum function if you wanted.
hope this helps,
Chipp
Alejandro Tejada wrote:
> Did anyone devised a safe and sound
> method to ensure that only your authorized
> stacks were able to open and play in your
> custom players?
>
> I've thought about reading some custom
> properties (wrote while developing the stacks)
> before opening the stacks, but i'm not sure
> if this will prevent that not authorized
> stacks will run offensive code within a
> preopenstack handler.
>
> Could you share experiences on this topic?
More information about the metacard
mailing list